Main menu

Tor At The Heart: Cryptocurrencies

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.Donate today!

The topic for today is electronic money. The blockchain is pretty hot right now! Bitcoin, dogecoin, ethereum, zcash you name it... Cryptocurencies have grown from e-toys to globally recognized systems by facilitating free and borderless trade, no bank fees and improved privacy.

You are reading the Tor blog, so let's focus on the privacy and anonymity part. Could cryptocurrencies claim that they provide privacy if Tor was not around to give strong transport-layer anonymity?

To visualize this, let's go through just a few ways Tor is used around the cryptocurrency ecosystem. We will mainly focus on Bitcoin, but the same applies to most blockchain-based cryptocurrencies:

Tor provides privacy to cryptocurrency transactions!

Let's imagine that Alice wants to buy a ticket for Torconf, the best (fictional) conference on computer anonymity. She wants to buy the ticket with Bitcoin so that she does not reveal her interests to her bank or her identity to the conference organizers. To buy the ticket with Bitcoin, she needs to perform a Bitcoin transaction.

Bitcoin transactions work by Alice broadcasting her transaction to a few Bitcoin supernodes. Those nodes then propagate the transaction further to the rest of the Bitcoin network until it becomes recognized. If Alice did not use Tor to conduct her transaction, those initial supernodes trivially learn the IP address of Alice. Furthermore, since the Bitcoin blockchain is a public log of transactions, analysts could match her newest transaction with her previous transactions and just follow the money trail. These are just some of the many well knownprivacy risks of Bitcoin, and companies have been collecting and selling social graph analytics of the Bitcoin blockchain for years now...

Given the above threats, it should be no surprise that most Bitcoin clients give the option to their users to perform transactions over the Tor network. By routing traffic over Tor, no one learns the origin IP address of Alice when she buys her Torconf ticket.

Furthermore, even the hottest and newest cryptocurrencies (like Zcash) that provide transaction anonymity as a fundamental security property still benefit from Tor's transport-layer anonymity to actually anonymize the networking part of the Zcash transaction.

We feel that Tor has tremendously helped the cryptocurrency community to grow just by providing transport-layer anonymity to transactions! Also, please remember that maintaining anonymity is not an easy task, so always be up-to-date on the latest security news depending on your threat model.

Tor secures cryptocurrency networks!

Apart from users performing anonymous Bitcoin transactions, the Bitcoin network itself uses Tor to increase its defenses. Since last year, the Bitcoin core project has integrated Tor onion services to their core network daemon. If Tor is installed in the system, Bitcoin will automatically create an onion service and act as a Bitcoin node over Tor to avoid leaking the real IP address of the node. This provides greater network resilience and protection against targeted attacks to Bitcoin nodes. You can see that there are hundreds of Tor bitcoin nodes. Zcash and other cryptocurrencies have followed the same path.

Furthermore, many mining pools advertise onion service support for their miners. Bitcoin infrastructure has been a target of hackers for a while, and virgin blocks are more and more valuable, so having anonymity as a miner is a desirable security property.

Tor protects the wider cryptocurrency ecosystem!

If you take a look around the Bitcoin world, you will notice that Tor support is advertised by all sorts of websites and services! Most bitcoin-related websites have onion sites that people can visit over Tor: for example, blockchain.info has been running a popular Tor onion service for its users. Most Bitcoin tumbler services also work over Tor onion services. Same goes for websites and forums offering help with Bitcoin. This is obviously done because the Bitcoin community has a great appreciation and need for privacy.

Tor is proud to have helped the cryptocurrency community grow over the years. We believe that electronic currencies can be a powerful tool for social change, but also a great scientific research area with results that can benefit other areas, like secure electronic voting, consensus algorithms, append-only data structures and secure name systems.

Bitcoin does the correct thing. ZCash is a fork of Bitcoin with a poorly implemented plugin that is meant to provide support for the ZeroCash protocol, but it inherits the same Tor support that Bitcoin developed. It is an insult to the Bitcoin developers to list ZCash as if it's done any work in this arena at all.

It's also pretty telling that Monero is entirely ignored by this article, despite it's cypherpunk routes and pro-privacy efforts, simply because it is focused on i2p in addition to Tor (https://github.com/monero-project/kovri).

> Not co-operating with I2P could very well be the actual, long-term downfall of Tor,

How so?

Years ago I2P was in Tails, but it seems to have been dropped. Years ago an independent security audit found flaws in I2P, but I don't know whether they have been fixed. If you know more, please explain.

Great post as usual! What do you think about OWS' BitHub = Bitcoin + GitHub https://whispersystems.org/blog/bithub/ ? Do you think you may implement such a thing for the Tor Project in the future? Thanks! And Happy end of the year!

I'm surprised (though only a little) that Torcoin wasn't mentioned. Yes, the project does seem to be abandoned, last time I checked, but still, Tor blog, Torcoin...

For those who don't know, Torcoin was a cryptocurrency that used a technique (protocol?) called TorPath to track Tor relays and their bandwidth, and associate a Torcoin address with them, allowing relays to mine coins by providing bandwidth to the network. I think it could have been an interesting, if not valuable, cryptocurrency that would have benefitted the Tor network, but unfortunately I lack the skills to revive it. Note that Torcoin was never developed or endorsed by the Tor Project, afaik. Any thoughts (even if trivial) from the Tor people about Torcoin?

Torcoin was indeed never developed or endorsed by the Tor project. The fact that 'Tor' is in its name is a bit sneaky on their part, since it actually confuses people into thinking it's an official project or that we should write blog posts about it.

I find the Torcoin concept kinda intriguing actually, but for this blog post I decided to focus on the really active and alive cryptocurrency projects benefiting from Tor.

AFAIK, applying Tor to the problem of designing safe and secure cryptocurrences was not envisaged when onion routing was created.

I have a strategic suggestion for Shari: another possible future application for Tor might be the problem of designing safe and secure evoting systems which feature strong authentication just before the vote is cast, but preserve anonymity for the actual vote. See

> The right to an anonymous vote is a cornerstone of the U.S. democratic process. Yet from the time until you walk into the voting booth until long, long after you cast your ballot, your personal information is a highly sought-after commodity. Often your name, contact details, and political leanings are frighteningly easy for political campaigns to access, collect, share, trade, and sell.

Maybe Tor Project can put this on the list of suggested research topics for the privacy technology academic community?

If we have/had a crypto-currency which is:
- Anonymous
- Lightweight on the client side (not miners)
and a browser add-on that allow websites visitors to pay tiny amount of money at each visit, We could put an end to all the adds and privacy abuse from websites.
If we take most major news websites as an example:
- They don't gain much at each visit with the adds
- They invade readers privacy as much as possible
- The user pay in computer power and electricity (Tons of javascripts) and bandwidth for the privacy invasion
- The articles are often sponsored by companies voiding the little journalistic independence that was left.

At the end of the day the journalists also need to be paid but deteriorating the quality of the articles and abusing users to do it defeats the point.

However if we had a browser add-on that uses an anonymous and lightweight crypto-currency to make the user finance such websites with really tiny amount of money (given the amount of revenue generated by adds it will not be hard to match) we could finance journalism, and have journalists have even better independence.

This could also extend to finance many of the people that do videos on youtube professionally without needing them to rely on youtube at all.

As a "fully torified news junkie", if there were only some easy to use and highly secure and throughly anonymous ecurrency I could use, I would voluntarily contribute to support my favorite news organizations.

Such a development would not be at all easy to achieve, I think, but it could solve the problem of Google and other giants of the next relying on stealing and sharing with anyone willing to pay so much extremely detailed and potentially dangerous information every citizen's minute by minute location and activities.

It follows that our community to should try to persuade Google to Make it So.

Bitsquare is a decentralized Bitcoin exchange using Tor hidden services for it's custom P2P network. It uses a similar concept like Ricochet though is implemented in Java and does not share any code base with Ricochet.
In Bitsquare all traffic is routed over Tor by default. Tor is integrated so the user does not need to install or configure anything. It is all open source (AGPL) and a community project.
If any dev with Tor experience wants to help, please get in touch! There is plenty of work to be done...

Recent Updates

Hi! There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.3.2-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time in February.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It introduces a mechanism to handle the high loads that many relay operators have been reporting recently. It also fixes several bugs in older releases. If this new code proves reliable, we plan to backport it to older supported release series.

Changes in version 0.3.3.2-alpha - 2018-02-10

Major features (denial-of-service mitigation):

Give relays some defenses against the recent network overload. We start with three defenses (default parameters in parentheses). First: if a single client address makes too many concurrent connections (>100), hang up on further connections. Second: if a single client address makes circuits too quickly (more than 3 per second, with an allowed burst of 90) while also having too many connections open (3), refuse new create cells for the next while (1-2 hours). Third: if a client asks to establish a rendezvous point to you directly, ignore the request. These defenses can be manually controlled by new torrc options, but relays will also take guidance from consensus parameters, so there's no need to configure anything manually. Implements ticket 24902.

Major bugfixes (netflow padding):

Stop adding unneeded channel padding right after we finish flushing to a connection that has been trying to flush for many seconds. Instead, treat all partial or complete flushes as activity on the channel, which will defer the time until we need to add padding. This fix should resolve confusing and scary log messages like "Channel padding timeout scheduled 221453ms in the past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.